When the device tries to perform a Hybrid join, the registration fails, and the events are logged.

Resolution

If the infrastructure is in a non-Hybrid join environment, these event IDs are expected during Windows 10 deployment.

So I updated to Windows 10 Creator and in my Event Viewer I am getting: Windows Hello for Business provisioning will not be launched. Device is AAD joined ( AADJ or DJ ): Not Tested User has logged.
Device Registration Technical Reference

The Device Registration Service (DRS) is a new Windows service that is included with the Active Directory Federation Service Role on Windows Server 2012 R2. The DRS must be installed and configured on all of the federation servers in your AD FS farm. For information on deploying DRS, see.

Active Directory objects created when a device is registered

The following Active Directory objects are created as part of Device Registration Service.

Device Registration Configuration

The Device Registration Configuration is stored in the Configuration naming context of the Active Directory forest.
(For example, CN=Device Registration Configuration,CN=Services,). This object is created when the Active Directory forest is initialized for Device Registration.

The Device Registration Configuration includes the following elements:

Issuer keys: The public and private keys used to issue the X.509 certificate that is associated with a registered device. The private keys are DKM protected.
Device Registration Service Configuration: Policies relating to the Device Registration Service.

Registered devices container

The device object container is created under one of the domains in the Active Directory forest. This object container will contain all of the device objects for the Active Directory forest. By default, the container is created in the same domain as AD FS.
(For example, CN=RegisteredDevices,DC=). This object is created when the Active Directory forest is initialized for Device Registration.

Registered devices

Device objects are new, lightweight objects in Active Directory. They are used to represent the relationship between a user, a device, and the company. Device objects use a certificate signed by AD FS to anchor the physical device to the logical device object in Active Directory.

Registered devices include the following elements:

Display Name: Friendly name of the device.
For Windows devices, this is the host name of the computer.
Device Id: A GUID that is generated by the Device Registration server.
Certificate Thumbprint: The certificate thumbprint of the X.509 certificate that is used with the registered device.
OS Type: The operating system type on the device.
OS Version: The version of the operating system on the device.
Is Enabled: A Boolean that indicates if the device is enabled in Active Directory. Only enabled devices are allowed to access services.
Approximate Last Use Time: The approximate time the device was used to access a resource. To limit replication traffic, this is only updated once every 14 days.
Registered Owner: The security identifier (SID) of the user that joined this device to the workplace.

AD FS/DRS Server SSL certificate revocation checking

The Workplace Join client checks the validity of the AD FS Server SSL certificate. If the AD FS Server SSL certificate includes a Certificate Revocation List (CRL) endpoint, the client must be able to reach the endpoint specified to validate the certificate.

If you are using a test environment and a test certificate authority (CA) to issue your server SSL certificates, then you can choose to not include the CRL endpoint in the server certificates issued by your CA. Doing so will allow the Workplace Join client to bypass the CRL check.
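
To see from a client whether the revocation check described above can succeed, the following PowerShell function fetches the AD FS server certificate, reports whether it carries a CRL endpoint, and builds the chain with online revocation checking. It is an added example, not part of the original reference; the function name and the host name in the usage comment are placeholders.

```powershell
# Added example. Run from a machine on the same network as the Workplace Join clients.
function Test-AdfsCertRevocation {
    param(
        [Parameter(Mandatory)] [string] $HostName,   # e.g. 'adfs.example.test' (placeholder)
        [int] $Port = 443
    )
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # The callback accepts any certificate: this connection only retrieves the
        # certificate for inspection and carries no data. Validation is done below.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Dispose()
    }

    # OID 2.5.29.31 is the CRL Distribution Points extension (the "CRL endpoint").
    $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }

    # Build the chain with online revocation checking for the server certificate.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EndCertificateOnly'
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
    $chainOk = $chain.Build($cert)
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status })

    [pscustomobject]@{
        Subject           = $cert.Subject
        Thumbprint        = $cert.Thumbprint
        HasCrlEndpoint    = [bool]$cdp
        CrlEndpoints      = if ($cdp) { $cdp.Format($true) } else { $null }
        ChainValid        = $chainOk
        # Either flag means revocation status could not be determined.
        RevocationUnknown = ($flags -contains 'RevocationStatusUnknown') -or
                            ($flags -contains 'OfflineRevocation')
        Revoked           = $flags -contains 'Revoked'
        ChainStatus       = $flags -join ', '
    }
}
# Usage: Test-AdfsCertRevocation -HostName 'adfs.example.test'
```

Windows caches CRLs, so a recently fetched CRL can let the check pass while the endpoint is unreachable. HasCrlEndpoint being false on a production certificate is worth flagging, since the page describes omitting the endpoint only for test environments.
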
I am not sure about the error, but has someone set a GPO to automatically register the machines? I would do a gpresult /scope computer /h gpresult.html on one of the machines and see if there has been a GPO set.

The GPO can be found at Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration. Right-click Register domain-joined computers as devices or Computer Configuration > Policies > Administrative Templates > Windows Components > Workplace Join > Automatically workplace join client computers.

Sorry, my bad. I realised that after I posted my comment.
Thanks for highlighting that.

The policy where I have disabled (Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration. Right-click Register domain-joined computers as devices) is getting deployed. I am currently checking all the other policies that are currently deployed to the Windows 10 devices.

But I have noticed on these devices that:
the scheduled task (Automatic-Device-Join) is disabled.

Hi,

Yes, I have tested that if I join a Win10 1607 device to an on-premises domain, the 304 event log error will appear even if I disable the device registration GPO like you have configured, with no device registration configured/enabled and no ADFS used. I'm not sure if it is by design, so I think you'd better open a support ticket with Microsoft CSS for help to confirm this.

A similar thread like yours here:

Regards,
Jimmy

Policy | Setting | Comment
Register domain joined computers as devices | Disabled |
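
The checks discussed in this thread (resultant policy, scheduled task state, event 304) can be collected in one pass on an affected client. The function below is an added example and is not from any of the posts above; the event log name is the standard Windows channel for device registration rather than something stated on this page, the function name is hypothetical, and the Policy/Name/State element names are assumed from the layout of the gpresult XML report.

```powershell
# Added example; run elevated on the Windows 10 client that logs event 304.
function Get-DeviceRegistrationTriage {
    # 1. Resultant computer policy, exported as XML rather than the HTML report.
    $xmlPath = Join-Path $env:TEMP 'gpresult-computer.xml'
    gpresult /scope computer /x $xmlPath /f | Out-Null

    # local-name() avoids depending on the namespace prefixes used in the report.
    # The wildcard matches both "domain-joined" and "domain joined" spellings.
    $hit = Select-Xml -Path $xmlPath -XPath "//*[local-name()='Policy']" | ForEach-Object {
        $name  = $_.Node.SelectSingleNode("*[local-name()='Name']")
        $state = $_.Node.SelectSingleNode("*[local-name()='State']")
        if ($name -and $name.InnerText -like 'Register domain*joined computers as devices') {
            [pscustomobject]@{ Name = $name.InnerText; State = $state.InnerText }
        }
    } | Select-Object -First 1

    # 2. The scheduled task named in the thread.
    $task = Get-ScheduledTask -TaskName 'Automatic-Device-Join' -ErrorAction SilentlyContinue

    # 3. Most recent event 304 entries (at most five).
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-User Device Registration/Admin'
        Id      = 304
    } -MaxEvents 5 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        PolicyState       = if ($hit)  { $hit.State }          else { 'Not present in RSoP' }
        TaskState         = if ($task) { [string]$task.State } else { 'Task not found' }
        RecentEvent304    = @($events).Count
        LastEvent304Time  = ($events | Select-Object -First 1).TimeCreated
    }
}
# Usage: Get-DeviceRegistrationTriage | Format-List
```

A result of PolicyState "Disabled", TaskState "Disabled" and a non-zero RecentEvent304 reproduces the situation reported in the thread, which helps separate expected noise in a non-Hybrid environment from a registration that is configured and failing.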